Archive - IE7 broken / Trojan horse

The archive is a frozen moment from a previous version of this forum, with different rules and different bosses. These posts in no way reflect our current ideas, values or world views and have in places been censored as unacceptable. Many were written in a different zeitgeist, ironically or not - as in the ironic Off-Topic subforum - and would (be allowed to) no longer be posted today. Still, we are happy to offer this archive as an information database and reference work. Read more about it here or start a conversation with others.

CyFo

Legacy Member
Problem: Internet Explorer (7) no longer works.
Even when clicking the .exe I get an error that iexplore.exe cannot be found. :confused:
Reinstalling IE7 does not help

For browsing I almost always use Firefox, but IE7 is of course still indispensable in some cases.

It started with a trojan horse that AVG had found:

wkgszvx.exe (Google only turns up this, but I have no idea how to remove those registry keys :help:)
trojan horse downloader.agent.AQTW


What I have already tried:

  • Reinstalling IE7
  • System Restore to a state from a few days ago does not work.
  • Booting via the Recovery Console gives a hal.dll error
  • Virus scanner: AVG Free
  • Spybot Search & Destroy
  • Malwarebytes' Anti-Malware
  • Lavasoft Ad-Aware
  • ComboFix
  • RogueRemover

:help:
thanks in advance!

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:48:17, on 2/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Daemon-Tools\daemon.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\BORGChat\BORGChat.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\Daemon-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: BORGChat.lnk = C:\Program Files\BORGChat\BORGChat.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: OpcEnum - Unknown owner - C:\WINDOWS\system32\OpcEnum.exe (file missing)
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9768 bytes
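The OP asks how to remove the registry keys that point at wkgszvx.exe. The ComboFix log posted later in this thread shows where the hook is: under HKLM\software\microsoft\windows nt\currentversion\image file execution options\iexplore.exe there is a "Debugger" value set to c:\windows\system32\wkgszvx.exe. When an IFEO Debugger value exists for an image name, the Windows loader starts the named "debugger" instead of the program, appending the program's own command line as arguments. That is how the trojan got itself run every time IE was opened, and once AVG deleted the trojan file, every launch of iexplore.exe fails because the redirect target no longer exists. Reinstalling IE7 does not touch that key, which is consistent with the symptom in the first post. The following is an added example, not code from the thread or from any of the tools mentioned: a Python script that parses a REGEDIT4-style dump (the format ComboFix uses for its registry section) and flags every IFEO subkey that carries a Debugger value. The sample dump embedded in it is constructed for the example; only the iexplore.exe entry is taken from this thread, the notepad.exe entry is made up.

```python
"""Spot Image File Execution Options (IFEO) 'Debugger' hijacks in a
REGEDIT4-style registry dump such as ComboFix's registry startup section.

If the IFEO subkey for <image>.exe carries a Debugger value, the Windows
loader starts that 'debugger' instead of the image and passes the image's
original command line to it. Malware uses this to run itself whenever a
target program is started; once the malware file is deleted, the target
program can no longer be launched at all.
"""
import re

IFEO_PATH = r"software\microsoft\windows nt\currentversion\image file execution options"

# Constructed sample dump (example input, not the thread's full log). The
# iexplore.exe entry is the one ComboFix reported in this thread; the
# "Your Image File Name Here without a path" key is Windows' default IFEO
# placeholder (no Debugger, must not be flagged); the notepad.exe entry is
# made up to show a second hit with a quoted data value.
SAMPLE_DUMP = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iexplore.exe]
"Debugger"=c:\windows\system32\wkgszvx.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path]
"GlobalFlag"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"Debugger"="c:\documents and settings\all users\application data\qwerty.exe"
"""

# "Name"=data   (data may or may not be wrapped in double quotes)
_VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')


def parse_regedit4(text):
    """Return {key_path: {value_name: data}} for a REGEDIT4-style dump.

    Data is kept as the raw right-hand side, except that a fully quoted
    value has its surrounding quotes stripped so quoted and unquoted paths
    compare equal.
    """
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "REGEDIT4":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        if current is None:
            continue
        match = _VALUE_RE.match(line)
        if match:
            name, data = match.groups()
            if len(data) >= 2 and data[0] == data[-1] == '"':
                data = data[1:-1]
            keys[current][name] = data
    return keys


def find_ifeo_debuggers(text):
    """Return [(image_name, debugger_command)] for every IFEO subkey that
    carries a Debugger value. Keys that only set GlobalFlag (gflags,
    Application Verifier) are normal and are not reported."""
    hits = []
    for key, values in parse_regedit4(text).items():
        if IFEO_PATH not in key.lower():
            continue
        if "Debugger" in values:
            image = key.rsplit("\\", 1)[-1]
            hits.append((image, values["Debugger"]))
    return hits


def hijacked_launch_command(debugger, original_cmdline):
    """Command line the loader really starts when Debugger is set: the
    debugger string with the program's original command line appended."""
    return f"{debugger} {original_cmdline}"


if __name__ == "__main__":
    for image, debugger in find_ifeo_debuggers(SAMPLE_DUMP):
        print(f"IFEO hijack: starting {image} actually runs -> "
              f"{hijacked_launch_command(debugger, image)}")
```

On a home PC a Debugger value under IFEO is almost never legitimate (developers set it by hand with gflags or WinDbg), so every hit deserves a look. The cleanup for the entry in this thread is to delete just that value, for example with the reg.exe that ships with XP: `reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe" /v Debugger /f`, after which iexplore.exe launches normally again. The same ComboFix log also shows "EnableFirewall"= 0 for the standard profile, so the Windows Firewall should be switched back on once the machine is clean.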

Juisterr

Legacy Member
Download Dial-a-fix from here:
http://wiki.djlizard.net/Dial-a-fix#Download_Dial-a-fix
Unzip it and put it on your desktop.
A window titled "restrictive policies" may open right away.
Close that window. That brings you to the main Dial-a-fix window.
There, under Registration Center, tick: Explorer/IE/OE/shell/wmp
and click the 'Go' button at the bottom.

CyFo

Legacy Member
Thanks for the tips, but so far no success with IE7 :sad:

a-squared Anti-Malware
a-squared Anti-Malware - Version 4.0
Last Update: 2/01/2009 16:46:46

Scan settings:

Objects: Memory, Traces, Cookies, C:\, D:\
Scan archives: On
Heuristics: On
ADS Scan: On

Scan start: 2/01/2009 16:49:27

Key: HKEY_CLASSES_ROOT\.vnc Detected: Trace.Registry.VNC.CommonComponents
c:\program files\tightvnc\tightvnc-donate.url Detected: Trace.File.TightVNC 1.3!A2
c:\documents and settings\all users\menu start\programma's\tightvnc\tightvnc viewer.lnk Detected: Trace.File.TightVNC 1.3!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TightVNC_is1 --> InstallLocation Detected: Trace.Registry.TightVNC 1.3!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TightVNC_is1 --> NoModify Detected: Trace.Registry.TightVNC 1.3!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TightVNC_is1 --> NoRepair Detected: Trace.Registry.TightVNC 1.3!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TightVNC_is1 --> QuietUninstallString Detected: Trace.Registry.TightVNC 1.3!A2
Key: HKEY_USERS\S-1-5-21-790525478-796845957-725345543-1003\software\kazaa Detected: Trace.Registry.KaZaA!A2
C:\Documents and Settings\CyFo\Application Data\Mozilla\Firefox\Profiles\abeyn6e7.default\cookies.sqlite:1230831711140132 Detected: Trace.TrackingCookie.metriweb!A2
C:\Documents and Settings\CyFo\Application Data\Mozilla\Firefox\Profiles\abeyn6e7.default\cookies.sqlite:1230850963187500 Detected: Trace.TrackingCookie.com!A2
C:\Documents and Settings\CyFo\Application Data\Mozilla\Firefox\Profiles\abeyn6e7.default\cookies.sqlite:1230860348312500 Detected: Trace.TrackingCookie.com!A2
C:\Documents and Settings\CyFo\Application Data\Mozilla\Firefox\Profiles\abeyn6e7.default\cookies.sqlite:1230892423984375 Detected: Trace.TrackingCookie.webtrends!A2


Also found in a number of exe files:

Trojan-Spy.Win32.Bancos.u!IK
Trojan-Dropper.Win32.Malf!IK

* TightVNC I installed myself.
* Kazaa I did NOT

Dial-a-fix
Explorer/IE/OE/shell/wmp does not help (not after a reboot either)

After that, under Tools I chose "Repair/reinstall"
It then asked for the WinXP CD, so I put it in
Then I got an error message (I had a screenshot but it got lost)

Started Dial-a-fix again and chose "Explorer/IE/OE/shell/wmp" again, gives an error:
Error 127: C:\WINDOWS\system32\iesetup.dll is not registerable or the file is corrupted. Your version of iesetup.dll is :7.00.5730.13. Please contact [email protected] so that an exeption can be made for your version of this file.

(and 10 similar errors)


Would it make sense to boot from the WinXP CD and then do a Repair install (or something like that)?

Juisterr

Legacy Member
Not for now.

Download ComboFix to your Desktop and use it according to this guide.

NOTE: if, during or after downloading ComboFix or while using ComboFix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download ComboFix again.
Some scanners see certain components that ComboFix uses as suspicious and will block or remove them!
  • Double-click Combofix.exe to start it.
  • If you have used ComboFix before, you may get a warning that an update is available. Allow ComboFix to update.
  • Click OK in the "NirCmd" window.
  • If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window.
  • Click OK and Yes to have the Recovery Console installed automatically.
  • Afterwards, click Yes again to start the malware scan.
  • While the fix is running, do NOT click in the window, as that will make your PC hang.
  • When the fix is complete and after the restart, the log Combofix.txt will open.
Post that log in your next reply.

also post a new HJT log

CyFo

Legacy Member
ComboFix:

ComboFix 09-01-02.01 - CyFo 2009-01-04 12:18:22.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2046.1392 [GMT 1:00]
Started from: c:\documents and settings\CyFo\Bureaublad\ComboFix.exe
* New restore point was created
.

(((((((((((((((((((( Files Created from 2008-12-04 to 2009-01-04 ))))))))))))))))))))))))))))))
.

2009-01-04 12:15 . 2009-01-04 12:15 <DIR> d-------- c:\windows\LastGood
2009-01-04 03:53 . 2009-01-04 12:14 <DIR> dr-h----- c:\documents and settings\CyFo\Onlangs geopend
2009-01-03 20:40 . 2009-01-03 20:40 <DIR> d-------- C:\ComboFix2
2009-01-03 16:52 . 2009-01-03 16:52 139,096 --a------ c:\windows\system32\drivers\PnkBstrK.sys
2009-01-03 16:51 . 2009-01-03 16:51 202,008 --a------ c:\windows\system32\PnkBstrB.exe
2009-01-03 16:51 . 2009-01-03 16:51 66,872 --a------ c:\windows\system32\PnkBstrA.exe
2009-01-02 16:41 . 2009-01-02 20:05 <DIR> d-------- c:\program files\a-squared Anti-Malware
2009-01-02 03:30 . 2009-01-02 03:30 <DIR> d-------- c:\program files\Uniblue
2009-01-02 02:59 . 2009-01-02 03:00 <DIR> d-------- c:\program files\SpywareBlaster
2009-01-02 02:22 . 2009-01-02 02:23 <DIR> d-------- c:\program files\RogueRemover FREE
2009-01-02 01:36 . 2009-01-02 01:35 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys
2009-01-01 23:51 . 2009-01-01 23:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\Raxco
2009-01-01 23:51 . 2008-08-28 13:16 71,184 --a------ c:\windows\system32\drivers\DefragFS.sys
2009-01-01 23:50 . 2009-01-01 23:51 <DIR> d-------- c:\program files\Raxco
2009-01-01 23:31 . 2009-01-01 23:31 <DIR> d-------- c:\program files\Trend Micro
2009-01-01 23:18 . 2009-01-02 04:21 250 --a------ c:\windows\gmer.ini
2009-01-01 21:18 . 2009-01-01 21:18 <DIR> d-------- c:\program files\Kopie van Internet Explorer
2009-01-01 19:20 . 2009-01-01 19:20 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-01 18:43 . 2009-01-01 18:43 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-01 18:43 . 2009-01-01 18:43 <DIR> d-------- c:\documents and settings\CyFo\Application Data\Malwarebytes
2009-01-01 18:43 . 2009-01-01 18:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-01 18:43 . 2008-12-03 19:54 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-01 18:43 . 2008-12-03 19:54 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-30 02:16 . 2008-12-30 02:16 5,127,312 --a------ c:\windows\system32\xa502671.exe
2008-12-30 02:16 . 2008-12-30 02:16 5,127,312 --a------ c:\windows\system32\xa502140.exe
2008-12-30 02:16 . 2008-12-30 02:16 5,127,312 --a------ c:\windows\system32\xa456156.exe
2008-12-30 02:16 . 2008-12-30 02:16 5,127,312 --a------ c:\windows\system32\xa454984.exe
2008-12-30 02:03 . 2008-12-30 02:03 <DIR> d-------- c:\program files\MobilityDotNET
2008-12-30 01:52 . 2008-12-30 01:52 0 --a------ c:\windows\ativpsrm.bin
2008-12-30 01:45 . 2008-12-01 14:35 593,920 --------- c:\windows\system32\ati2sgag.exe
2008-12-30 01:08 . 2008-12-30 01:08 <DIR> d-------- C:\ATI
2008-12-30 00:52 . 2008-12-30 00:52 <DIR> d-------- c:\program files\Rockstar Games
2008-12-30 00:51 . 2008-12-30 00:51 <DIR> dr-h----- c:\documents and settings\CyFo\Application Data\SecuROM
2008-12-30 00:44 . 2008-12-30 00:44 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2008-12-30 00:41 . 2008-12-30 00:41 <DIR> d-------- c:\windows\Logs
2008-12-30 00:41 . 2008-03-05 15:56 1,420,824 --a------ c:\windows\system32\D3DCompiler_37.dll
2008-12-30 00:41 . 2008-02-05 23:07 462,864 --a------ c:\windows\system32\d3dx10_37.dll
2008-12-30 00:40 . 2008-12-30 00:40 <DIR> d-------- c:\windows\system32\xlive
2008-12-30 00:40 . 2008-12-30 00:40 <DIR> d-------- c:\program files\Microsoft Games for Windows - LIVE
2008-12-30 00:40 . 2008-03-05 15:56 3,786,760 --a------ c:\windows\system32\D3DX9_37.dll
2008-12-30 00:40 . 2007-04-04 18:53 81,768 --a------ c:\windows\system32\xinput1_3.dll
2008-12-18 16:24 . 2008-12-18 16:25 <DIR> d-------- c:\documents and settings\CyFo\Application Data\U3
2008-12-15 21:28 . 2008-12-15 21:28 <DIR> d-------- c:\program files\BORGChat
2008-12-15 18:13 . 2008-12-15 18:15 <DIR> d-------- c:\program files\Counter-Strike 1.6
2008-12-11 11:24 . 2008-12-11 11:24 118 --a------ c:\windows\system32\MRT.INI
2008-12-10 00:44 . 2008-12-10 00:44 <DIR> d-------- c:\program files\SystemRequirementsLab
2008-12-10 00:44 . 2008-12-10 00:44 <DIR> d-------- c:\documents and settings\CyFo\Application Data\SystemRequirementsLab
2008-12-07 01:28 . 2008-12-07 01:28 <DIR> d-------- c:\program files\Microsoft
2008-12-06 14:01 . 2008-12-06 14:00 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-05 22:36 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2008-12-05 22:36 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2008-12-05 22:35 . 2008-12-05 22:36 <DIR> d-------- c:\program files\iTunes
2008-12-05 22:35 . 2008-12-05 22:35 <DIR> d-------- c:\program files\iPod
2008-12-05 22:35 . 2008-12-05 22:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-04 00:25 . 2008-12-04 00:25 <DIR> d-------- c:\program files\PianoFX
2008-12-04 00:25 . 2000-05-22 00:00 115,920 --a------ c:\windows\system32\MSINET.OCX

.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-04 11:15 --------- d-----w c:\documents and settings\CyFo\Application Data\Skype
2009-01-04 02:52 --------- d-----w c:\documents and settings\CyFo\Application Data\uTorrent
2009-01-03 19:00 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-01-03 04:02 73,408 ----a-w c:\documents and settings\CyFo\Application Data\GDIPFONTCACHEV1.DAT
2009-01-02 00:21 --------- d-----w c:\program files\National Instruments
2009-01-02 00:21 --------- d-----w c:\documents and settings\All Users\Application Data\National Instruments
2009-01-02 00:12 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-01 19:22 --------- d-----w c:\documents and settings\CyFo\Application Data\ATI
2009-01-01 18:24 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-30 00:47 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-30 00:47 --------- d-----w c:\program files\ATI Technologies
2008-12-06 13:00 --------- d-----w c:\program files\Java
2008-12-05 21:36 --------- d-----w c:\documents and settings\CyFo\Application Data\Apple Computer
2008-12-05 21:35 --------- d-----w c:\program files\Bonjour
2008-12-05 21:35 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-12-05 21:34 --------- d-----w c:\program files\Common Files\Apple
2008-12-05 19:53 --------- d-----w c:\program files\VanDale Duits
2008-12-03 22:46 --------- d-----w c:\program files\Steinberg
2008-12-03 14:24 --------- d-----w c:\program files\VISA-COM
2008-12-03 14:24 --------- d-----w c:\documents and settings\All Users\Application Data\IVI Foundation
2008-12-03 14:21 --------- d-----w c:\program files\HI-TECH Software
2008-12-01 22:13 3,452,928 ----a-w c:\windows\system32\drivers\ati2mtag.sys
2008-12-01 20:52 425,984 ----a-w c:\windows\system32\ATIDEMGX.dll
2008-12-01 20:51 318,464 ----a-w c:\windows\system32\ati2dvag.dll
2008-12-01 20:46 11,304,960 ----a-w c:\windows\system32\atioglxx.dll
2008-12-01 20:41 188,416 ----a-w c:\windows\system32\atipdlxx.dll
2008-12-01 20:40 43,520 ----a-w c:\windows\system32\ati2edxx.dll
2008-12-01 20:40 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe
2008-12-01 20:40 147,456 ----a-w c:\windows\system32\Oemdspif.dll
2008-12-01 20:40 143,360 ----a-w c:\windows\system32\ati2evxx.dll
2008-12-01 20:38 598,016 ----a-w c:\windows\system32\ati2evxx.exe
2008-12-01 20:37 53,248 ----a-w c:\windows\system32\ATIDDC.DLL
2008-12-01 20:27 4,120,384 ----a-w c:\windows\system32\ati3duag.dll
2008-12-01 20:19 307,200 ----a-w c:\windows\system32\atiiiexx.dll
2008-12-01 20:11 2,495,360 ----a-w c:\windows\system32\ativvaxx.dll
2008-12-01 19:57 48,640 ----a-w c:\windows\system32\amdpcom32.dll
2008-12-01 19:53 401,408 ----a-w c:\windows\system32\atikvmag.dll
2008-12-01 19:52 86,016 ----a-w c:\windows\system32\atiadlxx.dll
2008-12-01 19:52 17,408 ----a-w c:\windows\system32\atitvo32.dll
2008-12-01 19:51 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll
2008-12-01 19:50 286,720 ----a-w c:\windows\system32\atiok3x2.dll
2008-12-01 19:45 577,536 ----a-w c:\windows\system32\ati2cqag.dll
2008-11-29 17:00 --------- d-----w c:\program files\MSECache
2008-11-29 14:35 --------- d-----w c:\program files\Common Files\Macromedia Shared
2008-11-29 14:35 --------- d-----w c:\documents and settings\All Users\Application Data\Macrovision
2008-11-23 11:10 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-23 02:53 27,904 ----a-w c:\windows\system32\drivers\ndisprot.sys
2008-11-21 15:14 --------- d-----w c:\program files\Microsoft Works
2008-11-20 01:08 --------- d-----w c:\program files\WhatPulse
2008-11-18 12:41 --------- d-----w c:\program files\IVI
2008-11-15 12:36 --------- d-----w c:\program files\Nokia
2008-11-15 12:36 --------- d-----w c:\program files\Common Files\PCSuite
2008-11-15 12:36 --------- d-----w c:\program files\Common Files\Nokia
2008-11-15 12:34 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
2008-11-04 11:29 --------- d-----w c:\documents and settings\CyFo\Application Data\Ford Street Racing
2008-10-23 12:43 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-22 04:29 14,303,392 ----a-w c:\windows\system32\xlive.dll
2008-10-22 04:29 13,643,936 ----a-w c:\windows\system32\xlivefnt.dll
2008-10-21 18:51 118,784 ----a-w c:\windows\system32\atibrtmon.exe
2008-10-20 12:06 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2008-10-16 20:33 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
.

((((((((((((((((((((((((((((( snapshot@2009-01-02_ 0.10.00,45 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-09-02 12:00:00 38,912 -c----w c:\windows\ie7\hmmapi.dll
+ 2008-04-14 17:02:27 38,912 -c----w c:\windows\ie7\hmmapi.dll
- 2008-06-23 09:53:58 18,432 -c----w c:\windows\ie7\iedw.exe
+ 2008-04-14 17:03:00 18,432 -c----w c:\windows\ie7\iedw.exe
- 2004-09-02 12:00:00 93,184 -c----w c:\windows\ie7\iexplore.exe
+ 2008-04-14 17:03:01 93,184 -c----w c:\windows\ie7\iexplore.exe
- 2007-10-04 08:35:52 33,472 -c----w c:\windows\ie7\spuninst\iecustom.dll
+ 2007-10-04 09:35:52 33,472 -c----w c:\windows\ie7\spuninst\iecustom.dll
- 2006-09-06 15:43:46 216,800 -c----w c:\windows\ie7\spuninst\spuninst.exe
+ 2006-09-06 16:43:46 216,800 -c----w c:\windows\ie7\spuninst\spuninst.exe
- 2006-09-06 15:43:46 389,856 -c----w c:\windows\ie7\spuninst\updspapi.dll
+ 2006-09-06 16:43:46 389,856 -c----w c:\windows\ie7\spuninst\updspapi.dll
- 2007-08-13 16:18:02 60,416 -c--a-w c:\windows\system32\dllcache\hmmapi.dll
+ 2007-08-13 17:18:02 60,416 -c--a-w c:\windows\system32\dllcache\hmmapi.dll
- 2007-08-13 16:44:02 69,120 -c--a-w c:\windows\system32\dllcache\iedw.exe
+ 2007-08-13 17:44:02 69,120 -c--a-w c:\windows\system32\dllcache\iedw.exe
+ 2008-04-14 17:02:44 153,088 -c--a-w c:\windows\system32\dllcache\triedit.dll
- 2008-12-03 15:11:34 281,336 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-01-02 00:23:20 280,536 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-01-04 10:57:26 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_b60.dat
.
((((((((((((((((((((((((((((((((((((( Reg Startup Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-08-12 21741864]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-10-02 1124352]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools-1033"="c:\program files\Daemon-Tools\daemon.exe" [2004-08-22 81920]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-06 136600]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\CyFo\Menu Start\Programma's\Opstarten\
BORGChat.lnk - c:\program files\BORGChat\BORGChat.exe [2007-04-01 1041920]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-10-17 805392]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iexplore.exe]
"Debugger"=c:\windows\system32\wkgszvx.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^AutoCAD Startup Accelerator.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\AutoCAD Startup Accelerator.lnk
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^BTTray.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\BTTray.lnk
backup=c:\windows\pss\BTTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Windows Search.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^CyFo^Menu Start^Programma's^Opstarten^OneNote 2007 Schermopname en Snel starten.lnk]
path=c:\documents and settings\CyFo\Menu Start\Programma's\Opstarten\OneNote 2007 Schermopname en Snel starten.lnk
backup=c:\windows\pss\OneNote 2007 Schermopname en Snel starten.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a-squared]
--a------ 2008-12-14 08:56 2782352 c:\program files\a-squared Anti-Malware\a2guard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 01:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-08-17 21:40 64512 c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
--a------ 2008-04-14 18:03 172032 c:\windows\pchealth\helpctr\binaries\msconfig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
--a------ 2008-12-30 01:56 306088 c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\NetworkViewer\\DMNetworkViewer.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-10-20 97928]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-10-20 231704]
R4 PD91Agent;PD91Agent;c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe [2008-09-09 693512]
S3 Ndisprot;ArcNet NDIS Protocol Driver;c:\windows\system32\drivers\ndisprot.sys [2008-11-23 27904]
S3 PD91Engine;PD91Engine;c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe [2008-09-09 906504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2008-07-11 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-07-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86eb9b68-a1b8-11dd-b16e-0015c5ac2eda}]
\Shell\AutoRun\command - H:\RavMon.exe
\Shell\explore\Command - H:\RavMon.exe -e
\Shell\open\Command - H:\RavMon.exe
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
uInternet Settings,ProxyOverride = *.local
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\CyFo\Application Data\Mozilla\Firefox\Profiles\abeyn6e7.default\
FF - prefs.js: browser.search.selectedEngine - Van Dale Woordenboek
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be
FF - component: c:\documents and settings\CyFo\Application Data\Mozilla\Firefox\Profiles\abeyn6e7.default\extensions\[email protected]\components\BkMrkExt.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-04 12:22:09
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(764)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
Voltooingstijd: 2009-01-04 12:23:07
ComboFix-quarantined-files.txt 2009-01-04 11:23:05
ComboFix2.txt 2009-01-01 23:10:40

Pre-Run: 4,266,643,456 bytes beschikbaar
Post-Run: 4,251,013,120 bytes beschikbaar

299 --- E O F --- 2009-01-04 11:16:03

CyFo

Legacy Member
HiJackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:59:04, on 4/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\WINDOWS\system32\PnkBstrA.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\Daemon-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: BORGChat.lnk = C:\Program Files\BORGChat\BORGChat.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: OpcEnum - Unknown owner - C:\WINDOWS\system32\OpcEnum.exe (file missing)
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9379 bytes

Juisterr

Legacy Member
Open Notepad, copy and paste the following (bold, blue text) into an empty window:

File::
H:\RavMon.exe

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86eb9b68-a1b8-11dd-b16e-0015c5ac2eda}]


Save this to your Desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe as shown in the example below:

[image: CFScriptB-4.gif]

This will make ComboFix start again.

After your computer restarts (if it asks to restart), copy and paste the contents of Combofix.txt into your next reply.



* Download the following tool to your desktop:
http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe

Before running Flash_Disinfector.exe you must also plug in the infected USB stick, so that it can remove the malware components there as well.
Then double-click Flash_Disinfector.exe to start the tool.
Your desktop and icons will disappear for a moment. This is normal.
After the tool has done its work, restart the PC.
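
As an added example (not part of this thread, and not code from ComboFix, HijackThis or any other tool mentioned here): a small Python script that reads ComboFix-style "Reg Opstartpunten" output and reports the two launch redirects visible in CyFo's logs: the Image File Execution Options "Debugger" value for iexplore.exe, and the mountpoints2 \Shell\...\command entries that run H:\RavMon.exe when the drive is opened in Explorer. Windows honours an IFEO Debugger value by starting the named "debugger" with the original program as its argument, so once the AV has deleted the trojan file, launching iexplore.exe fails with a file-not-found error until the key itself is removed, which is why reinstalling IE7 alone does not help. The sample log text below is constructed from the entries shown in this thread; the script only parses log text and never touches the registry.

```python
import re
from typing import List, NamedTuple

# Constructed sample, modelled on the ComboFix "Reg Opstartpunten" entries in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iexplore.exe]
"Debugger"=c:\windows\system32\wkgszvx.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0lsdelete

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86eb9b68-a1b8-11dd-b16e-0015c5ac2eda}]
\Shell\AutoRun\command - H:\RavMon.exe
\Shell\explore\Command - H:\RavMon.exe -e
\Shell\open\Command - H:\RavMon.exe
"""


class Finding(NamedTuple):
    kind: str    # "ifeo_debugger" or "autorun_command"
    target: str  # hijacked executable, or the mountpoints2 volume GUID plus verb
    value: str   # what actually gets executed instead


KEY_RE = re.compile(r"^\[(.+)\]$")                       # [HKEY_...\subkey] section header
DEBUGGER_RE = re.compile(r'^"Debugger"=(.+)$', re.IGNORECASE)
# \Shell\<verb>\command - <command line>  (verb: AutoRun, open, explore, ...)
SHELL_CMD_RE = re.compile(r"^\\Shell\\(\w+)\\command\s+-\s+(.+)$", re.IGNORECASE)


def find_redirects(log_text: str) -> List[Finding]:
    """Walk the log section by section and collect launch redirects."""
    findings: List[Finding] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        key_lc = current_key.lower()
        if "\\image file execution options\\" in key_lc:
            # Any Debugger value here replaces the program named by the last key component.
            # Real debuggers are sometimes registered this way, so this is "review", not "verdict".
            m = DEBUGGER_RE.match(line)
            if m:
                exe = current_key.rsplit("\\", 1)[-1]
                findings.append(Finding("ifeo_debugger", exe, m.group(1).strip()))
        elif "\\mountpoints2\\" in key_lc:
            m = SHELL_CMD_RE.match(line)
            if m:
                volume = current_key.rsplit("\\", 1)[-1]
                findings.append(Finding("autorun_command", f"{volume} ({m.group(1)})", m.group(2).strip()))
    return findings


def describe(f: Finding) -> str:
    """Plain-language note for whoever reviews the log."""
    if f.kind == "ifeo_debugger":
        return (f"{f.target}: every launch is redirected to {f.value}; if that file has already "
                f"been removed, {f.target} fails with a file-not-found error until this key is deleted")
    return f"{f.target}: opening the drive in Explorer runs {f.value}"


if __name__ == "__main__":
    for finding in find_redirects(SAMPLE_LOG):
        print(f"[{finding.kind}] {describe(finding)}")
```

Run against a saved ComboFix.txt by passing its contents to find_redirects(); the matching is line-based, so the long, wrapped key names that forum software sometimes splits with a space (as in the Registry:: line above) must be joined back first.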

jdiezrequejo

Legacy Member
So I have exactly the same problem!
Also for a few days now..
In the meantime I also tried removing AVG 7.5 and then starting IE, but that didn't help.
IE opened itself about 70 times.. After that my PC froze.

After that I installed IE 8 and AVG 8, but I still have the same problem.

I'm keeping an eye on this topic. If a solution turns up here, I'd love to read it :)

CyFo, any idea how you picked this up?
As far as I know I haven't really done anything unusual...

CyFo

Legacy Member
ComboFix 09-01-02.01 - CyFo 2009-01-04 19:11:19.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2046.1204 [GMT 1:00]
Gestart vanuit: c:\documents and settings\CyFo\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\CyFo\Bureaublad\CFScript.txt
* Nieuw herstelpunt werd aangemaakt

FILE ::
H:\RavMon.exe
.

(((((((((((((((((((( Bestanden Gemaakt van 2008-12-04 to 2009-01-04 ))))))))))))))))))))))))))))))
.

2009-01-04 12:15 . 2009-01-04 12:15 <DIR> d-------- c:\windows\LastGood
2009-01-04 03:53 . 2009-01-04 19:07 <DIR> dr-h----- c:\documents and settings\CyFo\Onlangs geopend
2009-01-03 20:40 . 2009-01-03 20:40 <DIR> d-------- C:\ComboFix2
2009-01-03 16:52 . 2009-01-03 16:52 139,096 --a------ c:\windows\system32\drivers\PnkBstrK.sys
2009-01-03 16:51 . 2009-01-03 16:51 202,008 --a------ c:\windows\system32\PnkBstrB.exe
2009-01-03 16:51 . 2009-01-03 16:51 66,872 --a------ c:\windows\system32\PnkBstrA.exe
2009-01-02 16:41 . 2009-01-02 20:05 <DIR> d-------- c:\program files\a-squared Anti-Malware
2009-01-02 03:30 . 2009-01-02 03:30 <DIR> d-------- c:\program files\Uniblue
2009-01-02 02:59 . 2009-01-02 03:00 <DIR> d-------- c:\program files\SpywareBlaster
2009-01-02 02:22 . 2009-01-02 02:23 <DIR> d-------- c:\program files\RogueRemover FREE
2009-01-02 01:36 . 2009-01-02 01:35 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys
2009-01-01 23:51 . 2009-01-01 23:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\Raxco
2009-01-01 23:51 . 2008-08-28 13:16 71,184 --a------ c:\windows\system32\drivers\DefragFS.sys
2009-01-01 23:50 . 2009-01-01 23:51 <DIR> d-------- c:\program files\Raxco
2009-01-01 23:31 . 2009-01-01 23:31 <DIR> d-------- c:\program files\Trend Micro
2009-01-01 23:18 . 2009-01-02 04:21 250 --a------ c:\windows\gmer.ini
2009-01-01 21:18 . 2009-01-01 21:18 <DIR> d-------- c:\program files\Kopie van Internet Explorer
2009-01-01 19:20 . 2009-01-01 19:20 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-01 18:43 . 2009-01-01 18:43 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-01 18:43 . 2009-01-01 18:43 <DIR> d-------- c:\documents and settings\CyFo\Application Data\Malwarebytes
2009-01-01 18:43 . 2009-01-01 18:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-01 18:43 . 2008-12-03 19:54 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-01 18:43 . 2008-12-03 19:54 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-30 02:16 . 2008-12-30 02:16 5,127,312 --a------ c:\windows\system32\xa502671.exe
2008-12-30 02:16 . 2008-12-30 02:16 5,127,312 --a------ c:\windows\system32\xa502140.exe
2008-12-30 02:16 . 2008-12-30 02:16 5,127,312 --a------ c:\windows\system32\xa456156.exe
2008-12-30 02:16 . 2008-12-30 02:16 5,127,312 --a------ c:\windows\system32\xa454984.exe
2008-12-30 02:03 . 2008-12-30 02:03 <DIR> d-------- c:\program files\MobilityDotNET
2008-12-30 01:52 . 2008-12-30 01:52 0 --a------ c:\windows\ativpsrm.bin
2008-12-30 01:45 . 2008-12-01 14:35 593,920 --------- c:\windows\system32\ati2sgag.exe
2008-12-30 01:08 . 2008-12-30 01:08 <DIR> d-------- C:\ATI
2008-12-30 00:52 . 2008-12-30 00:52 <DIR> d-------- c:\program files\Rockstar Games
2008-12-30 00:51 . 2008-12-30 00:51 <DIR> dr-h----- c:\documents and settings\CyFo\Application Data\SecuROM
2008-12-30 00:41 . 2008-12-30 00:41 <DIR> d-------- c:\windows\Logs
2008-12-30 00:41 . 2008-03-05 15:56 1,420,824 --a------ c:\windows\system32\D3DCompiler_37.dll
2008-12-30 00:41 . 2008-02-05 23:07 462,864 --a------ c:\windows\system32\d3dx10_37.dll
2008-12-30 00:40 . 2008-12-30 00:40 <DIR> d-------- c:\windows\system32\xlive
2008-12-30 00:40 . 2008-12-30 00:40 <DIR> d-------- c:\program files\Microsoft Games for Windows - LIVE
2008-12-30 00:40 . 2008-03-05 15:56 3,786,760 --a------ c:\windows\system32\D3DX9_37.dll
2008-12-30 00:40 . 2007-04-04 18:53 81,768 --a------ c:\windows\system32\xinput1_3.dll
2008-12-18 16:24 . 2008-12-18 16:25 <DIR> d-------- c:\documents and settings\CyFo\Application Data\U3
2008-12-15 21:28 . 2008-12-15 21:28 <DIR> d-------- c:\program files\BORGChat
2008-12-15 18:13 . 2008-12-15 18:15 <DIR> d-------- c:\program files\Counter-Strike 1.6
2008-12-11 11:24 . 2008-12-11 11:24 118 --a------ c:\windows\system32\MRT.INI
2008-12-10 00:44 . 2008-12-10 00:44 <DIR> d-------- c:\program files\SystemRequirementsLab
2008-12-10 00:44 . 2008-12-10 00:44 <DIR> d-------- c:\documents and settings\CyFo\Application Data\SystemRequirementsLab
2008-12-07 01:28 . 2008-12-07 01:28 <DIR> d-------- c:\program files\Microsoft
2008-12-06 14:01 . 2008-12-06 14:00 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-05 22:36 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2008-12-05 22:36 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2008-12-05 22:35 . 2008-12-05 22:36 <DIR> d-------- c:\program files\iTunes
2008-12-05 22:35 . 2008-12-05 22:35 <DIR> d-------- c:\program files\iPod
2008-12-05 22:35 . 2008-12-05 22:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-04 00:25 . 2008-12-04 00:25 <DIR> d-------- c:\program files\PianoFX
2008-12-04 00:25 . 2000-05-22 00:00 115,920 --a------ c:\windows\system32\MSINET.OCX

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-04 18:11 --------- d-----w c:\documents and settings\CyFo\Application Data\uTorrent
2009-01-04 13:10 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-04 11:15 --------- d-----w c:\documents and settings\CyFo\Application Data\Skype
2009-01-03 19:00 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-01-03 04:02 73,408 ----a-w c:\documents and settings\CyFo\Application Data\GDIPFONTCACHEV1.DAT
2009-01-02 00:21 --------- d-----w c:\program files\National Instruments
2009-01-02 00:21 --------- d-----w c:\documents and settings\All Users\Application Data\National Instruments
2009-01-02 00:12 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-01 19:22 --------- d-----w c:\documents and settings\CyFo\Application Data\ATI
2009-01-01 18:24 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-30 00:47 --------- d-----w c:\program files\ATI Technologies
2008-12-06 13:00 --------- d-----w c:\program files\Java
2008-12-05 21:36 --------- d-----w c:\documents and settings\CyFo\Application Data\Apple Computer
2008-12-05 21:35 --------- d-----w c:\program files\Bonjour
2008-12-05 21:35 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-12-05 21:34 --------- d-----w c:\program files\Common Files\Apple
2008-12-05 19:53 --------- d-----w c:\program files\VanDale Duits
2008-12-03 22:46 --------- d-----w c:\program files\Steinberg
2008-12-03 14:24 --------- d-----w c:\program files\VISA-COM
2008-12-03 14:24 --------- d-----w c:\documents and settings\All Users\Application Data\IVI Foundation
2008-12-03 14:21 --------- d-----w c:\program files\HI-TECH Software
2008-12-01 22:13 3,452,928 ----a-w c:\windows\system32\drivers\ati2mtag.sys
2008-12-01 20:52 425,984 ----a-w c:\windows\system32\ATIDEMGX.dll
2008-12-01 20:51 318,464 ----a-w c:\windows\system32\ati2dvag.dll
2008-12-01 20:46 11,304,960 ----a-w c:\windows\system32\atioglxx.dll
2008-12-01 20:41 188,416 ----a-w c:\windows\system32\atipdlxx.dll
2008-12-01 20:40 43,520 ----a-w c:\windows\system32\ati2edxx.dll
2008-12-01 20:40 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe
2008-12-01 20:40 147,456 ----a-w c:\windows\system32\Oemdspif.dll
2008-12-01 20:40 143,360 ----a-w c:\windows\system32\ati2evxx.dll
2008-12-01 20:38 598,016 ----a-w c:\windows\system32\ati2evxx.exe
2008-12-01 20:37 53,248 ----a-w c:\windows\system32\ATIDDC.DLL
2008-12-01 20:27 4,120,384 ----a-w c:\windows\system32\ati3duag.dll
2008-12-01 20:19 307,200 ----a-w c:\windows\system32\atiiiexx.dll
2008-12-01 20:11 2,495,360 ----a-w c:\windows\system32\ativvaxx.dll
2008-12-01 19:57 48,640 ----a-w c:\windows\system32\amdpcom32.dll
2008-12-01 19:53 401,408 ----a-w c:\windows\system32\atikvmag.dll
2008-12-01 19:52 86,016 ----a-w c:\windows\system32\atiadlxx.dll
2008-12-01 19:52 17,408 ----a-w c:\windows\system32\atitvo32.dll
2008-12-01 19:51 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll
2008-12-01 19:50 286,720 ----a-w c:\windows\system32\atiok3x2.dll
2008-12-01 19:45 577,536 ----a-w c:\windows\system32\ati2cqag.dll
2008-11-29 17:00 --------- d-----w c:\program files\MSECache
2008-11-29 14:35 --------- d-----w c:\program files\Common Files\Macromedia Shared
2008-11-29 14:35 --------- d-----w c:\documents and settings\All Users\Application Data\Macrovision
2008-11-23 11:10 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-23 02:53 27,904 ----a-w c:\windows\system32\drivers\ndisprot.sys
2008-11-21 15:14 --------- d-----w c:\program files\Microsoft Works
2008-11-20 01:08 --------- d-----w c:\program files\WhatPulse
2008-11-18 12:41 --------- d-----w c:\program files\IVI
2008-11-15 12:36 --------- d-----w c:\program files\Nokia
2008-11-15 12:36 --------- d-----w c:\program files\Common Files\PCSuite
2008-11-15 12:36 --------- d-----w c:\program files\Common Files\Nokia
2008-11-15 12:34 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
2008-11-04 11:29 --------- d-----w c:\documents and settings\CyFo\Application Data\Ford Street Racing
2008-10-23 12:43 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-22 04:29 14,303,392 ----a-w c:\windows\system32\xlive.dll
2008-10-22 04:29 13,643,936 ----a-w c:\windows\system32\xlivefnt.dll
2008-10-21 18:51 118,784 ----a-w c:\windows\system32\atibrtmon.exe
2008-10-20 12:06 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2008-10-16 20:33 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
.

((((((((((((((((((((((((((((( snapshot@2009-01-02_ 0.10.00,45 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-09-02 12:00:00 38,912 -c----w c:\windows\ie7\hmmapi.dll
+ 2008-04-14 17:02:27 38,912 -c----w c:\windows\ie7\hmmapi.dll
- 2008-06-23 09:53:58 18,432 -c----w c:\windows\ie7\iedw.exe
+ 2008-04-14 17:03:00 18,432 -c----w c:\windows\ie7\iedw.exe
- 2004-09-02 12:00:00 93,184 -c----w c:\windows\ie7\iexplore.exe
+ 2008-04-14 17:03:01 93,184 -c----w c:\windows\ie7\iexplore.exe
- 2007-10-04 08:35:52 33,472 -c----w c:\windows\ie7\spuninst\iecustom.dll
+ 2007-10-04 09:35:52 33,472 -c----w c:\windows\ie7\spuninst\iecustom.dll
- 2006-09-06 15:43:46 216,800 -c----w c:\windows\ie7\spuninst\spuninst.exe
+ 2006-09-06 16:43:46 216,800 -c----w c:\windows\ie7\spuninst\spuninst.exe
- 2006-09-06 15:43:46 389,856 -c----w c:\windows\ie7\spuninst\updspapi.dll
+ 2006-09-06 16:43:46 389,856 -c----w c:\windows\ie7\spuninst\updspapi.dll
- 2007-08-13 16:18:02 60,416 -c--a-w c:\windows\system32\dllcache\hmmapi.dll
+ 2007-08-13 17:18:02 60,416 -c--a-w c:\windows\system32\dllcache\hmmapi.dll
- 2007-08-13 16:44:02 69,120 -c--a-w c:\windows\system32\dllcache\iedw.exe
+ 2007-08-13 17:44:02 69,120 -c--a-w c:\windows\system32\dllcache\iedw.exe
+ 2008-04-14 17:02:44 153,088 -c--a-w c:\windows\system32\dllcache\triedit.dll
- 2008-12-03 15:11:34 281,336 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-01-02 00:23:20 280,536 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-01-04 10:57:26 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_b60.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-08-12 21741864]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-10-02 1124352]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools-1033"="c:\program files\Daemon-Tools\daemon.exe" [2004-08-22 81920]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-06 136600]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\CyFo\Menu Start\Programma's\Opstarten\
BORGChat.lnk - c:\program files\BORGChat\BORGChat.exe [2007-04-01 1041920]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-10-17 805392]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iexplore.exe]
"Debugger"=c:\windows\system32\wkgszvx.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^AutoCAD Startup Accelerator.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\AutoCAD Startup Accelerator.lnk
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^BTTray.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\BTTray.lnk
backup=c:\windows\pss\BTTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Windows Search.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^CyFo^Menu Start^Programma's^Opstarten^OneNote 2007 Schermopname en Snel starten.lnk]
path=c:\documents and settings\CyFo\Menu Start\Programma's\Opstarten\OneNote 2007 Schermopname en Snel starten.lnk
backup=c:\windows\pss\OneNote 2007 Schermopname en Snel starten.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a-squared]
--a------ 2008-12-14 08:56 2782352 c:\program files\a-squared Anti-Malware\a2guard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 01:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-08-17 21:40 64512 c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
--a------ 2008-04-14 18:03 172032 c:\windows\pchealth\helpctr\binaries\msconfig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
--a------ 2008-12-30 01:56 306088 c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\NetworkViewer\\DMNetworkViewer.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-10-20 97928]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-10-20 231704]
R4 PD91Agent;PD91Agent;c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe [2008-09-09 693512]
S3 Ndisprot;ArcNet NDIS Protocol Driver;c:\windows\system32\drivers\ndisprot.sys [2008-11-23 27904]
S3 PD91Engine;PD91Engine;c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe [2008-09-09 906504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2008-07-11 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-07-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86eb9b68-a1b8-11dd-b16e-0015c5ac2eda}]
\Shell\AutoRun\command - H:\RavMon.exe
\Shell\explore\Command - H:\RavMon.exe -e
\Shell\open\Command - H:\RavMon.exe
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
uInternet Settings,ProxyOverride = *.local
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\CyFo\Application Data\Mozilla\Firefox\Profiles\abeyn6e7.default\
FF - prefs.js: browser.search.selectedEngine - Van Dale Woordenboek
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be
FF - component: c:\documents and settings\CyFo\Application Data\Mozilla\Firefox\Profiles\abeyn6e7.default\extensions\[email protected]\components\BkMrkExt.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-04 19:13:33
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(764)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
Voltooingstijd: 2009-01-04 19:14:34
ComboFix-quarantined-files.txt 2009-01-04 18:14:31
ComboFix2.txt 2009-01-04 11:23:09
ComboFix3.txt 2009-01-01 23:10:40

Pre-Run: 12.161.269.760 bytes beschikbaar
Post-Run: 12,145,745,920 bytes beschikbaar

302 --- E O F --- 2009-01-04 11:16:03

No idea how I caught it ... one of the things I did just before was install Mobility Modder so I could still get the latest ATI Radeon drivers onto my Dell laptop. But I don't think that's where it came from.

I understand less and less of it :)

Juisterr

Legacy Member
You probably didn't use the flashdrive tool; please use it on your USB sticks first and only then run ComboFix.

CyFo

Legacy Member
I DID use the flashdrive tool, but only AFTER ComboFix (the order as it was given in your post ;))

I'll reverse the order later then :)

CyFo

Legacy Member
ComboFix 09-01-05.03 - CyFo 2009-01-06 2:09:38.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2046.1390 [GMT 1:00]
Gestart vanuit: c:\documents and settings\CyFo\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\CyFo\Bureaublad\CFScript.txt
* Nieuw herstelpunt werd aangemaakt

FILE ::
H:\RavMon.exe
.

(((((((((((((((((((( Bestanden Gemaakt van 2008-12-06 to 2009-01-06 ))))))))))))))))))))))))))))))
.

2009-01-04 03:53 . 2009-01-06 02:08 <DIR> dr-h----- c:\documents and settings\CyFo\Onlangs geopend
2009-01-03 20:40 . 2009-01-03 20:40 <DIR> d-------- C:\ComboFix2
2009-01-03 16:52 . 2009-01-03 16:52 139,096 --a------ c:\windows\system32\drivers\PnkBstrK.sys
2009-01-03 16:51 . 2009-01-03 16:51 202,008 --a------ c:\windows\system32\PnkBstrB.exe
2009-01-03 16:51 . 2009-01-03 16:51 66,872 --a------ c:\windows\system32\PnkBstrA.exe
2009-01-02 16:41 . 2009-01-02 20:05 <DIR> d-------- c:\program files\a-squared Anti-Malware
2009-01-02 03:30 . 2009-01-02 03:30 <DIR> d-------- c:\program files\Uniblue
2009-01-02 02:59 . 2009-01-02 03:00 <DIR> d-------- c:\program files\SpywareBlaster
2009-01-02 02:22 . 2009-01-02 02:23 <DIR> d-------- c:\program files\RogueRemover FREE
2009-01-02 01:36 . 2009-01-02 01:35 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys
2009-01-01 23:51 . 2009-01-01 23:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\Raxco
2009-01-01 23:51 . 2008-08-28 13:16 71,184 --a------ c:\windows\system32\drivers\DefragFS.sys
2009-01-01 23:50 . 2009-01-01 23:51 <DIR> d-------- c:\program files\Raxco
2009-01-01 23:31 . 2009-01-01 23:31 <DIR> d-------- c:\program files\Trend Micro
2009-01-01 23:18 . 2009-01-02 04:21 250 --a------ c:\windows\gmer.ini
2009-01-01 21:18 . 2009-01-01 21:18 <DIR> d-------- c:\program files\Kopie van Internet Explorer
2009-01-01 19:20 . 2009-01-01 19:20 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-01 18:43 . 2009-01-01 18:43 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-01 18:43 . 2009-01-01 18:43 <DIR> d-------- c:\documents and settings\CyFo\Application Data\Malwarebytes
2009-01-01 18:43 . 2009-01-01 18:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-01 18:43 . 2008-12-03 19:54 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-01 18:43 . 2008-12-03 19:54 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-30 02:16 . 2008-12-30 02:16 5,127,312 --a------ c:\windows\system32\xa502671.exe
2008-12-30 02:16 . 2008-12-30 02:16 5,127,312 --a------ c:\windows\system32\xa502140.exe
2008-12-30 02:16 . 2008-12-30 02:16 5,127,312 --a------ c:\windows\system32\xa456156.exe
2008-12-30 02:16 . 2008-12-30 02:16 5,127,312 --a------ c:\windows\system32\xa454984.exe
2008-12-30 02:03 . 2008-12-30 02:03 <DIR> d-------- c:\program files\MobilityDotNET
2008-12-30 01:52 . 2008-12-30 01:52 0 --a------ c:\windows\ativpsrm.bin
2008-12-30 01:45 . 2008-12-01 14:35 593,920 --------- c:\windows\system32\ati2sgag.exe
2008-12-30 01:08 . 2008-12-30 01:08 <DIR> d-------- C:\ATI
2008-12-30 00:52 . 2008-12-30 00:52 <DIR> d-------- c:\program files\Rockstar Games
2008-12-30 00:51 . 2008-12-30 00:51 <DIR> dr-h----- c:\documents and settings\CyFo\Application Data\SecuROM
2008-12-30 00:41 . 2008-12-30 00:41 <DIR> d-------- c:\windows\Logs
2008-12-30 00:41 . 2008-03-05 15:56 1,420,824 --a------ c:\windows\system32\D3DCompiler_37.dll
2008-12-30 00:41 . 2008-02-05 23:07 462,864 --a------ c:\windows\system32\d3dx10_37.dll
2008-12-30 00:40 . 2008-12-30 00:40 <DIR> d-------- c:\windows\system32\xlive
2008-12-30 00:40 . 2008-12-30 00:40 <DIR> d-------- c:\program files\Microsoft Games for Windows - LIVE
2008-12-30 00:40 . 2008-03-05 15:56 3,786,760 --a------ c:\windows\system32\D3DX9_37.dll
2008-12-30 00:40 . 2007-04-04 18:53 81,768 --a------ c:\windows\system32\xinput1_3.dll
2008-12-18 16:24 . 2008-12-18 16:25 <DIR> d-------- c:\documents and settings\CyFo\Application Data\U3
2008-12-15 21:28 . 2008-12-15 21:28 <DIR> d-------- c:\program files\BORGChat
2008-12-15 18:13 . 2008-12-15 18:15 <DIR> d-------- c:\program files\Counter-Strike 1.6
2008-12-11 11:24 . 2008-12-11 11:24 118 --a------ c:\windows\system32\MRT.INI
2008-12-10 00:44 . 2008-12-10 00:44 <DIR> d-------- c:\program files\SystemRequirementsLab
2008-12-10 00:44 . 2008-12-10 00:44 <DIR> d-------- c:\documents and settings\CyFo\Application Data\SystemRequirementsLab
2008-12-07 01:28 . 2008-12-07 01:28 <DIR> d-------- c:\program files\Microsoft
2008-12-06 14:01 . 2008-12-06 14:00 410,984 --a------ c:\windows\system32\deploytk.dll

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-06 00:35 --------- d-----w c:\documents and settings\CyFo\Application Data\Skype
2009-01-05 21:00 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-01-04 18:11 --------- d-----w c:\documents and settings\CyFo\Application Data\uTorrent
2009-01-04 13:10 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-03 04:02 73,408 ----a-w c:\documents and settings\CyFo\Application Data\GDIPFONTCACHEV1.DAT
2009-01-02 00:21 --------- d-----w c:\program files\National Instruments
2009-01-02 00:21 --------- d-----w c:\documents and settings\All Users\Application Data\National Instruments
2009-01-02 00:12 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-01 19:22 --------- d-----w c:\documents and settings\CyFo\Application Data\ATI
2009-01-01 18:24 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-30 00:47 --------- d-----w c:\program files\ATI Technologies
2008-12-06 13:00 --------- d-----w c:\program files\Java
2008-12-05 21:36 --------- d-----w c:\program files\iTunes
2008-12-05 21:36 --------- d-----w c:\documents and settings\CyFo\Application Data\Apple Computer
2008-12-05 21:36 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-05 21:35 --------- d-----w c:\program files\iPod
2008-12-05 21:35 --------- d-----w c:\program files\Bonjour
2008-12-05 21:35 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-12-05 21:34 --------- d-----w c:\program files\Common Files\Apple
2008-12-05 19:53 --------- d-----w c:\program files\VanDale Duits
2008-12-03 23:25 --------- d-----w c:\program files\PianoFX
2008-12-03 22:46 --------- d-----w c:\program files\Steinberg
2008-12-03 14:24 --------- d-----w c:\program files\VISA-COM
2008-12-03 14:24 --------- d-----w c:\documents and settings\All Users\Application Data\IVI Foundation
2008-12-03 14:21 --------- d-----w c:\program files\HI-TECH Software
2008-12-01 22:13 3,452,928 ----a-w c:\windows\system32\drivers\ati2mtag.sys
2008-12-01 20:52 425,984 ----a-w c:\windows\system32\ATIDEMGX.dll
2008-12-01 20:51 318,464 ----a-w c:\windows\system32\ati2dvag.dll
2008-12-01 20:46 11,304,960 ----a-w c:\windows\system32\atioglxx.dll
2008-12-01 20:41 188,416 ----a-w c:\windows\system32\atipdlxx.dll
2008-12-01 20:40 43,520 ----a-w c:\windows\system32\ati2edxx.dll
2008-12-01 20:40 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe
2008-12-01 20:40 147,456 ----a-w c:\windows\system32\Oemdspif.dll
2008-12-01 20:40 143,360 ----a-w c:\windows\system32\ati2evxx.dll
2008-12-01 20:38 598,016 ----a-w c:\windows\system32\ati2evxx.exe
2008-12-01 20:37 53,248 ----a-w c:\windows\system32\ATIDDC.DLL
2008-12-01 20:27 4,120,384 ----a-w c:\windows\system32\ati3duag.dll
2008-12-01 20:19 307,200 ----a-w c:\windows\system32\atiiiexx.dll
2008-12-01 20:11 2,495,360 ----a-w c:\windows\system32\ativvaxx.dll
2008-12-01 19:57 48,640 ----a-w c:\windows\system32\amdpcom32.dll
2008-12-01 19:53 401,408 ----a-w c:\windows\system32\atikvmag.dll
2008-12-01 19:52 86,016 ----a-w c:\windows\system32\atiadlxx.dll
2008-12-01 19:52 17,408 ----a-w c:\windows\system32\atitvo32.dll
2008-12-01 19:51 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll
2008-12-01 19:50 286,720 ----a-w c:\windows\system32\atiok3x2.dll
2008-12-01 19:45 577,536 ----a-w c:\windows\system32\ati2cqag.dll
2008-11-29 17:00 --------- d-----w c:\program files\MSECache
2008-11-29 14:35 --------- d-----w c:\program files\Common Files\Macromedia Shared
2008-11-29 14:35 --------- d-----w c:\documents and settings\All Users\Application Data\Macrovision
2008-11-23 11:10 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-23 02:53 27,904 ----a-w c:\windows\system32\drivers\ndisprot.sys
2008-11-21 15:14 --------- d-----w c:\program files\Microsoft Works
2008-11-20 01:08 --------- d-----w c:\program files\WhatPulse
2008-11-18 12:41 --------- d-----w c:\program files\IVI
2008-11-15 12:36 --------- d-----w c:\program files\Nokia
2008-11-15 12:36 --------- d-----w c:\program files\Common Files\PCSuite
2008-11-15 12:36 --------- d-----w c:\program files\Common Files\Nokia
2008-11-15 12:34 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
2008-10-23 12:43 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-22 04:29 14,303,392 ----a-w c:\windows\system32\xlive.dll
2008-10-22 04:29 13,643,936 ----a-w c:\windows\system32\xlivefnt.dll
2008-10-21 18:51 118,784 ----a-w c:\windows\system32\atibrtmon.exe
2008-10-20 12:06 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2008-10-16 20:33 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
.

((((((((((((((((((((((((((((( snapshot@2009-01-02_ 0.10.00,45 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-09-02 12:00:00 38,912 -c----w c:\windows\ie7\hmmapi.dll
+ 2008-04-14 17:02:27 38,912 -c----w c:\windows\ie7\hmmapi.dll
- 2008-06-23 09:53:58 18,432 -c----w c:\windows\ie7\iedw.exe
+ 2008-04-14 17:03:00 18,432 -c----w c:\windows\ie7\iedw.exe
- 2004-09-02 12:00:00 93,184 -c----w c:\windows\ie7\iexplore.exe
+ 2008-04-14 17:03:01 93,184 -c----w c:\windows\ie7\iexplore.exe
- 2007-10-04 08:35:52 33,472 -c----w c:\windows\ie7\spuninst\iecustom.dll
+ 2007-10-04 09:35:52 33,472 -c----w c:\windows\ie7\spuninst\iecustom.dll
- 2006-09-06 15:43:46 216,800 -c----w c:\windows\ie7\spuninst\spuninst.exe
+ 2006-09-06 16:43:46 216,800 -c----w c:\windows\ie7\spuninst\spuninst.exe
- 2006-09-06 15:43:46 389,856 -c----w c:\windows\ie7\spuninst\updspapi.dll
+ 2006-09-06 16:43:46 389,856 -c----w c:\windows\ie7\spuninst\updspapi.dll
- 2007-08-13 16:18:02 60,416 -c--a-w c:\windows\system32\dllcache\hmmapi.dll
+ 2007-08-13 17:18:02 60,416 -c--a-w c:\windows\system32\dllcache\hmmapi.dll
- 2007-08-13 16:44:02 69,120 -c--a-w c:\windows\system32\dllcache\iedw.exe
+ 2007-08-13 17:44:02 69,120 -c--a-w c:\windows\system32\dllcache\iedw.exe
+ 2008-04-14 17:02:44 153,088 -c--a-w c:\windows\system32\dllcache\triedit.dll
- 2008-12-03 15:11:34 281,336 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-01-02 00:23:20 280,536 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-01-06 00:24:38 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_15c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-08-12 21741864]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-10-02 1124352]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools-1033"="c:\program files\Daemon-Tools\daemon.exe" [2004-08-22 81920]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-06 136600]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\CyFo\Menu Start\Programma's\Opstarten\
BORGChat.lnk - c:\program files\BORGChat\BORGChat.exe [2007-04-01 1041920]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-10-17 805392]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iexplore.exe]
"Debugger"=c:\windows\system32\wkgszvx.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^AutoCAD Startup Accelerator.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\AutoCAD Startup Accelerator.lnk
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^BTTray.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\BTTray.lnk
backup=c:\windows\pss\BTTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Windows Search.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^CyFo^Menu Start^Programma's^Opstarten^OneNote 2007 Schermopname en Snel starten.lnk]
path=c:\documents and settings\CyFo\Menu Start\Programma's\Opstarten\OneNote 2007 Schermopname en Snel starten.lnk
backup=c:\windows\pss\OneNote 2007 Schermopname en Snel starten.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a-squared]
--a------ 2008-12-14 08:56 2782352 c:\program files\a-squared Anti-Malware\a2guard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 01:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-08-17 21:40 64512 c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
--a------ 2008-04-14 18:03 172032 c:\windows\pchealth\helpctr\binaries\msconfig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
--a------ 2008-12-30 01:56 306088 c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\NetworkViewer\\DMNetworkViewer.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-10-20 97928]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-10-20 231704]
R4 PD91Agent;PD91Agent;c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe [2008-09-09 693512]
S3 Ndisprot;ArcNet NDIS Protocol Driver;c:\windows\system32\drivers\ndisprot.sys [2008-11-23 27904]
S3 PD91Engine;PD91Engine;c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe [2008-09-09 906504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2008-07-11 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-07-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
uInternet Settings,ProxyOverride = *.local
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: {4830D214-9E9B-4106-B858-715132589C4E} = 192.168.0.1
FF - ProfilePath - c:\documents and settings\CyFo\Application Data\Mozilla\Firefox\Profiles\abeyn6e7.default\
FF - prefs.js: browser.search.selectedEngine - Van Dale Woordenboek
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be
FF - component: c:\documents and settings\CyFo\Application Data\Mozilla\Firefox\Profiles\abeyn6e7.default\extensions\[email protected]\components\BkMrkExt.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-06 02:12:01
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(800)
c:\windows\system32\avgrsstx.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'lsass.exe'(904)
c:\windows\system32\avgrsstx.dll
.
Voltooingstijd: 2009-01-06 2:12:56
ComboFix-quarantined-files.txt 2009-01-06 01:12:54
ComboFix2.txt 2009-01-04 18:14:35
ComboFix3.txt 2009-01-04 11:23:09
ComboFix4.txt 2009-01-01 23:10:40

Pre-Run: 12.085.080.064 bytes beschikbaar
Post-Run: 11,997,351,936 bytes beschikbaar

298 --- E O F --- 2009-01-04 11:16:03

CyFo

Legacy Member
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:33:26, on 6/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\WINDOWS\system32\PnkBstrA.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Daemon-Tools\daemon.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\BORGChat\BORGChat.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\Daemon-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: BORGChat.lnk = C:\Program Files\BORGChat\BORGChat.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4830D214-9E9B-4106-B858-715132589C4E}: NameServer = 192.168.0.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: OpcEnum - Unknown owner - C:\WINDOWS\system32\OpcEnum.exe (file missing)
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9607 bytes

PS:

C & D = HD
H = external HD
I = USB stick


By the way, I removed the space from "curre ntversion" in CFScript.txt. In the logs the space is actually there, but in the registry itself it is of course without the space.

It looks like I'm now rid of that RavMon virus?

Juisterr

Legacy Member
Uninstall ComboFix:
- Go to Start > Run and type ComboFix /u
- Then click 2. and press Enter


And yes, it's gone.

CyFo

Legacy Member
Thanks!

IE7 still doesn't work though :sad:

I tried once more to fix it with Dial-a-fix and with the IE7 installer, but nothing helps :(

jdiezrequejo

Legacy Member
[message=31314771,noline]tsl wrote on Thursday 08 January 2009 @ 22:43[/message]:
Take a look in the registry at this key.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe

I expect that if you delete it, IE will work again.
Naturally, make a backup of the registry before making the change.

After first letting Ad-Aware and then Malwarebytes' Anti-Malware scan,
and after that (I think) having removed the virus, IE still didn't work.

Now I have deleted this key from the registry. Rebooted. And it works again!!

Thanks for that. :)
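Editor's note, added to this archived thread and not code from any of the posters: the key tsl points at is the Image File Execution Options (IFEO) mechanism. When a subkey named after an executable carries a `Debugger` value, Windows launches that "debugger" instead of the program, passing the original command line to it; if the debugger path does not exist, process creation fails and the shell reports that it cannot find the program, which matches the symptom in the opening post. The thread does not say what the `iexplore.exe` key contained, so that is an assumption here. The script below, written for Windows PowerShell 2.0 or later (an elevated prompt is needed to remove entries), lists every IFEO `Debugger` redirection on the machine, checks whether the referenced debugger exists, and removes a single redirection after exporting the key as a backup, which is the "make a copy of the registry first" step tsl asks for.

```powershell
# Added example (not from the thread): audit and undo IFEO "Debugger" redirections.
# Assumes Windows PowerShell 2.0+; removing entries needs an elevated prompt.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

function Get-IfeoDebugger {
    Get-ChildItem -Path $ifeo -ErrorAction Stop | ForEach-Object {
        $props = Get-ItemProperty -Path $_.PSPath
        if ($props.PSObject.Properties['Debugger']) {
            $raw = [string]$props.Debugger
            # Debugger holds a command line; the executable is the first token,
            # which may be quoted.
            if ($raw.StartsWith('"')) {
                $end = $raw.IndexOf('"', 1)
                $exe = if ($end -gt 1) { $raw.Substring(1, $end - 1) } else { $raw.Trim('"') }
            } else {
                $exe = ($raw -split '\s+', 2)[0]
            }
            # An unqualified name is searched roughly the way CreateProcess would
            # (system directories, PATH); Get-Command approximates that lookup.
            if ([IO.Path]::IsPathRooted($exe)) {
                $resolved = $exe
            } else {
                $cmd = Get-Command $exe -CommandType Application -ErrorAction SilentlyContinue
                $resolved = if ($cmd) { @($cmd)[0].Path } else { $null }
            }
            New-Object PSObject -Property @{
                Image    = $_.PSChildName
                Debugger = $raw
                Resolved = $resolved
                # A Debugger that is not on disk makes CreateProcess fail, which the
                # shell shows as "Windows cannot find <image>.exe".
                Exists   = [bool]($resolved -and (Test-Path -LiteralPath $resolved))
            }
        }
    }
}

function Remove-IfeoDebugger([string]$Image) {
    $key = Join-Path $ifeo $Image
    if (-not (Test-Path -LiteralPath $key)) { return }
    # Export the subkey first so the change can be undone with "reg import".
    $backup = Join-Path $env:TEMP (($Image -replace '[^\w.]', '_') + '.ifeo.reg')
    $regKey = 'HKLM\' + $ifeo.Substring(6) + '\' + $Image
    & reg.exe export $regKey $backup /y | Out-Null
    # Drop only the Debugger value; other values (e.g. GlobalFlag) may be
    # legitimate. Remove -WhatIf to actually apply the change.
    Remove-ItemProperty -LiteralPath $key -Name Debugger -WhatIf
}

# Usage: list every redirection, with the missing-debugger ones first.
Get-IfeoDebugger | Sort-Object Exists | Format-Table Image, Debugger, Exists -AutoSize
# Remove-IfeoDebugger 'iexplore.exe'
```

Read the report with the whole list in mind, not just `iexplore.exe`: a `Debugger` entry for any program you are not deliberately debugging (browsers, security tools, regedit, taskmgr) is suspicious even when the referenced file exists, since pointing the value at a harmless but wrong binary such as `svchost.exe` silently blocks the program just as effectively. Entries a developer created on purpose (for example a just-in-time debugger) are the exception, and the exported `.reg` file lets you restore one if you remove it by mistake.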